Jan 14
Top Secret
Mid Level Career (5+ yrs experience)
IT - Security
Security Architect ‐ Senior Level
Task Area 4:National Security Systems (NSS) Risk Management and Compliance
Period of Performance:
* 3/13/2023 to 3/12/2024
Security Clearance Required:
* Top Secret and SCI Eligible
Certification Requirements:
* CISSP or CISM or CRISC or CCSP
Required Years of Experience:
* 8
Job Location:
* Hybrid, SCIF, TSA Headquarters 6595 Springfield Center Dr. Springfield, VA 22150
Education Requirement:
* Bachelor's Degree in Computer Science or related field
Desired Skillset / Knowledge:
* Foundation and understand the capabilities of Security Architecture
* Abundant knowledge of scanning applications (Nessus)
* Apply STIGs
* Cloud
* Linux
* System Administrator background
* MS SQL
* Splunk
Job Description:
National Security System (NSS) assessment and analysis shall consist of cybersecurity
risk assessments, security control assessments, creation of Body of Evidence (BoE)
artifacts (e.g., Security Assessment Report (SAR)) in support of Risk Management
Framework (RMF) activities in accordance with DHS 4300B policy and guidance, system categorization coordination, and cyber risk recommendation reporting, in support of NSCD work products. The Contractor shall provide the monitoring and analysis services.
Responsibilities:
* Architecture and design documents. Document changes and create/update architecture and design documents.
* Procedures Documents. Develop procedures for the continuous monitoring of devices accessing DHS networks that are outside the scope of current manual and automated capabilities to ensure visibility of all systems.
* Trending and ad-hoc reports. Generate trending and ad-hoc reports as requested.
* Guidance documents and policy. Develop draft guidance and policy regarding virtual environments.
* Support current and future enhancements and transition of DHS CISOD tools and requirements. POC should be able to generate scripts, queries primarily in MS SQL & Splunk.
* Provide architecture advisement to the government including, but not limited to, network security and engineering, active directory design and implementation, application integration, and system hierarchy.
* Analyze continuous monitoring, configuration management, vulnerability management, asset management, software management and self-reported data to identify trends and anomalies cybersecurity performance and mitigation of risks.
* Create Security Impact Analysis Reports.
* Document technical meeting notes.
* Create presentation/briefs.
Additional Support:
* Prepare documents such as charters, agendas, presentations, and memorandum.
* Maintain distribution groups, points of contact lists, and group membership listings
* Publish messages and notifications to the DHS community
* Coordinate with the CISOD Business Offices to route and trackcommunications with executives and HQ components.
* Create and maintain forms, document templates and a register for CISODforms and templates which support cybersecurity activities throughout thedepartment.
* Prepare, track, and provide status reports on data calls
* Develop, maintain, and update Standard Operating Procedures (SOPs),handbooks, ConOps and instructions for all internal processes.
* Keep up to dateinternal SOP/documentations of all processes at a location specified by the FederalLead (SharePoint, Shared Folder, Knowledgebase, etc.).
* Generate meetings minutes as requested
* Follow and leverage the internal DHS processes to perform their duties.
* Create and deploy custom reports and dashboards, working with the governmentpoints of contact, to provide specific content to the government on a needbybasis and as otherwise specified by the Federal Leads on a set frequency.
* Provide weekly and ad hoc reports summarizing the adherence to agreed-upon schedules.
> The report shall include detailed summaries of:
* length and number of delays
* recommendations for "get-well" plans
* Additionally, the reports shall summarizethe work completed and milestones met to include metrics.
* Generate trending and ad-hoc reports as requested. Reporting includes extractingdata from the CISOD databases, designing, developing, and implementing automatedreports. Data being reported may represent subsets of the overall Performancereporting or new/unique data sets based on entire compliance data stored within thesupporting tools
* Engage and support in planning and coordinating the various Working Group Meetings
* Provide guidance and recommendations to Federal SMEs on processes and projects.
* Provide customer service support to DHS Enterprise by responding andresolving DHS Helpdesk tickets.
* Support modernization of all Cybersecurity processes and methodologies to beemployed across the Enterprise and MGMT
* Collaborate and coordinate successfully with other contract vendors and Governmentpersonnel.
* Respond to component questions via helpdesk tickets, Microsoft Teamsmessages, emails, and phone calls.
* Provide recommendations and feedback on the DHS policies
* Provide, develop, maintain, update, store, and distribute weekly/monthly/quarterly/ad-hoc reports, meeting minutes, user feedback as requestedby the Federal Lead.
* Propose process improvements accordingly to Federal Lead.
* Support Cybersecurity process innovation and automation to support thenew Cybersecurity processes and methodologies that will be developed inautomated tools.
* Develop, update, maintain and provide training materials and resources toprovide guidance to DHS Enterprise and MGMT on subject areas.
* Develop, maintain, update, store, and distribute Standard Operating Proceduresfor all routine activities to ensure standardization of activities and enable thetransition of activities across members of the team
* Develop metrics and recommend improvements for tracking progress oncybersecurity subject areas and programs.
* Develop and maintain weekly Executive reports and PMR reports.
* Attend Working Groups, meetings and discussions and provide feedback andideas for improvements.
* Develop unique Cybersecurity training materials and resources to provideguidance regarding process, documentation and understanding of responsibilities.This can be provided in-person, online or on a training platform like thePerformance and Learning Management System (PALMS) or the Federal VirtualTraining Environment (FedVTE).
* Develop trainings for users across HQ componentsbased on the new changes recommended by DHS Management for this FY
* Develop and maintain Key Performance Indicators (KPI) and metrics toevaluate the performance and identify key areas of improvements in the subjectareas or programs. Recommend changes to improve the quality and reduce thelevel of effort and elapsed time required for approved metrics weekly to theFederal Lead.
* Develop metric reports to evaluate Cybersecurity Risk management and
* Scorecard progress on weekly/monthly basis.
* Collaborate with other teams to ensure that Cybersecurity processes areeffectively maintained and tracked.
* Work with DHS Enterprise to identify, develop, and implement Cybersecurityprograms best practices, and general guidance for use across the federal government.
* Support current and future enhancements and transition of DHS CISODtools and requirements.
Task Area 4:National Security Systems (NSS) Risk Management and Compliance
Period of Performance:
* 3/13/2023 to 3/12/2024
Security Clearance Required:
* Top Secret and SCI Eligible
Certification Requirements:
* CISSP or CISM or CRISC or CCSP
Required Years of Experience:
* 8
Job Location:
* Hybrid, SCIF, TSA Headquarters 6595 Springfield Center Dr. Springfield, VA 22150
Education Requirement:
* Bachelor's Degree in Computer Science or related field
Desired Skillset / Knowledge:
* Foundation and understand the capabilities of Security Architecture
* Abundant knowledge of scanning applications (Nessus)
* Apply STIGs
* Cloud
* Linux
* System Administrator background
* MS SQL
* Splunk
Job Description:
National Security System (NSS) assessment and analysis shall consist of cybersecurity
risk assessments, security control assessments, creation of Body of Evidence (BoE)
artifacts (e.g., Security Assessment Report (SAR)) in support of Risk Management
Framework (RMF) activities in accordance with DHS 4300B policy and guidance, system categorization coordination, and cyber risk recommendation reporting, in support of NSCD work products. The Contractor shall provide the monitoring and analysis services.
Responsibilities:
* Architecture and design documents. Document changes and create/update architecture and design documents.
* Procedures Documents. Develop procedures for the continuous monitoring of devices accessing DHS networks that are outside the scope of current manual and automated capabilities to ensure visibility of all systems.
* Trending and ad-hoc reports. Generate trending and ad-hoc reports as requested.
* Guidance documents and policy. Develop draft guidance and policy regarding virtual environments.
* Support current and future enhancements and transition of DHS CISOD tools and requirements. POC should be able to generate scripts, queries primarily in MS SQL & Splunk.
* Provide architecture advisement to the government including, but not limited to, network security and engineering, active directory design and implementation, application integration, and system hierarchy.
* Analyze continuous monitoring, configuration management, vulnerability management, asset management, software management and self-reported data to identify trends and anomalies cybersecurity performance and mitigation of risks.
* Create Security Impact Analysis Reports.
* Document technical meeting notes.
* Create presentation/briefs.
Additional Support:
* Prepare documents such as charters, agendas, presentations, and memorandum.
* Maintain distribution groups, points of contact lists, and group membership listings
* Publish messages and notifications to the DHS community
* Coordinate with the CISOD Business Offices to route and trackcommunications with executives and HQ components.
* Create and maintain forms, document templates and a register for CISODforms and templates which support cybersecurity activities throughout thedepartment.
* Prepare, track, and provide status reports on data calls
* Develop, maintain, and update Standard Operating Procedures (SOPs),handbooks, ConOps and instructions for all internal processes.
* Keep up to dateinternal SOP/documentations of all processes at a location specified by the FederalLead (SharePoint, Shared Folder, Knowledgebase, etc.).
* Generate meetings minutes as requested
* Follow and leverage the internal DHS processes to perform their duties.
* Create and deploy custom reports and dashboards, working with the governmentpoints of contact, to provide specific content to the government on a needbybasis and as otherwise specified by the Federal Leads on a set frequency.
* Provide weekly and ad hoc reports summarizing the adherence to agreed-upon schedules.
> The report shall include detailed summaries of:
* length and number of delays
* recommendations for "get-well" plans
* Additionally, the reports shall summarizethe work completed and milestones met to include metrics.
* Generate trending and ad-hoc reports as requested. Reporting includes extractingdata from the CISOD databases, designing, developing, and implementing automatedreports. Data being reported may represent subsets of the overall Performancereporting or new/unique data sets based on entire compliance data stored within thesupporting tools
* Engage and support in planning and coordinating the various Working Group Meetings
* Provide guidance and recommendations to Federal SMEs on processes and projects.
* Provide customer service support to DHS Enterprise by responding andresolving DHS Helpdesk tickets.
* Support modernization of all Cybersecurity processes and methodologies to beemployed across the Enterprise and MGMT
* Collaborate and coordinate successfully with other contract vendors and Governmentpersonnel.
* Respond to component questions via helpdesk tickets, Microsoft Teamsmessages, emails, and phone calls.
* Provide recommendations and feedback on the DHS policies
* Provide, develop, maintain, update, store, and distribute weekly/monthly/quarterly/ad-hoc reports, meeting minutes, user feedback as requestedby the Federal Lead.
* Propose process improvements accordingly to Federal Lead.
* Support Cybersecurity process innovation and automation to support thenew Cybersecurity processes and methodologies that will be developed inautomated tools.
* Develop, update, maintain and provide training materials and resources toprovide guidance to DHS Enterprise and MGMT on subject areas.
* Develop, maintain, update, store, and distribute Standard Operating Proceduresfor all routine activities to ensure standardization of activities and enable thetransition of activities across members of the team
* Develop metrics and recommend improvements for tracking progress oncybersecurity subject areas and programs.
* Develop and maintain weekly Executive reports and PMR reports.
* Attend Working Groups, meetings and discussions and provide feedback andideas for improvements.
* Develop unique Cybersecurity training materials and resources to provideguidance regarding process, documentation and understanding of responsibilities.This can be provided in-person, online or on a training platform like thePerformance and Learning Management System (PALMS) or the Federal VirtualTraining Environment (FedVTE).
* Develop trainings for users across HQ componentsbased on the new changes recommended by DHS Management for this FY
* Develop and maintain Key Performance Indicators (KPI) and metrics toevaluate the performance and identify key areas of improvements in the subjectareas or programs. Recommend changes to improve the quality and reduce thelevel of effort and elapsed time required for approved metrics weekly to theFederal Lead.
* Develop metric reports to evaluate Cybersecurity Risk management and
* Scorecard progress on weekly/monthly basis.
* Collaborate with other teams to ensure that Cybersecurity processes areeffectively maintained and tracked.
* Work with DHS Enterprise to identify, develop, and implement Cybersecurityprograms best practices, and general guidance for use across the federal government.
* Support current and future enhancements and transition of DHS CISODtools and requirements.
group id: 10109450
